Post permalink

The only way banks could *try* to enforce that there is no MITM, is by shipping/physically handing out some sort of USB device where the access to the bank information was en/decrypted but unless that device plugs between your keyboard and the computer, it would still be quite vulnerable for sniffing (they should just hand out a custom smartphone when you open account). I know one bank which requires users to install Java runtime (while experts have for years complained that it's full of exploits, requiring additional measures to attempt to secure it if you have to install it) that they use to run a custom en/decryption at the client computer. This is much better than using the Windows API's which are easily sniffed but the fact they made it with Java makes it stink since most users won't know or bother even the most basic level of securing JRE once installed (namely, turning it off for everything but the bank that needs it or installing it in a VM).

When it comes to real security, you need a way for the system to inform that an attacker is studying it. If the security system is not "obscurity based" then there's likely less need to study it in order to break it and you may not get any warning before the attack takes place. This and ability to isolate the system during the reverse engineering phase, is what makes even the most "sophisticated" security systems worth nothing. The only good security is the kind that the attacker cannot study without getting noticed and there has to be reason to study and that's why I prefer security by obscurity in addition to the "mathematically sound security", which really is only secure if you assume the attacker is some empty pockets thief that can't afford hundred thousand custom designed chips (or cloud compute time) to crack your stuff.